Signals of trustworthy VPNs – a multilateral initiative

Users reasonably expect their VPN provider to be honest with them and that the VPN provider is, in turn, worthy of its users' trust. The user has to trust that any personal information is not misused, that their web browsing habits won’t be abused, and that their data is not unexpectedly handed to external parties.

In short, VPN providers are in a great position of power over their users. To that end, users deserve more honest behavior and transparency from their VPNs.

Working together with the Center for Democracy & Technology (CDT) – a non-profit organization working to strengthen online civil liberties and human rights – and a few other VPN providers, we have developed a list of questions that we believe a trustworthy VPN service should be able to answer truthfully and thoroughly. These questions address issues around VPNs’ corporate accountability and business models, privacy practices, and security protocols and protections.

A trustworthy provider is characterized by consistent actions that show transparency, honesty, and conscientiousness. The purpose of these questions is to increase trustworthy behavior in VPN providers and to help consumers recognize such behavior in order to make more informed decisions when choosing a provider.

Questions Trustworthy VPNs Should Be Able to Answer

What is the public-facing and full legal name of the VPN service and any parent or holding companies? Do these entities have ownership or economic stakes in other VPN services, and if so, do they share user information? Where are they incorporated? Is there any other company or partner directly involved in operating the VPN service, and if so, what is its full legal name?

The public-facing name is Mullvad VPN.

The legal name of the company is Amagicom AB, which is directly owned by the founders Fredrik Strömberg and Daniel Berntsson. Amagicom AB is incorporated in Sweden.

What do you do to protect against unauthorized access to customer data flows over the VPN?

Secure systems are required for privacy, and since Mullvad’s beginning, security has always been deeply ingrained in our culture.

In our app we offer security features such as a kill switch, DNS leak protection, and IPv6 support, all of which we were either the first or among the first to offer.

We only utilize the two best VPN protocols, OpenVPN and WireGuard (we were an early adopter of the former and we pioneered the latter).

Because reliability is paramount, our app is built in Rust, a programming language made for building secure programs.

We use code signing for app and server code.

All of our sysadmins use the Qubes operating system, as does most of our team.

We also protect our laptops against tampering.

What other controls does the service use to protect user data?

We offer a number of features to protect our users’ privacy, including these industry firsts:

We accept payment with cash in the mail and Bitcoin.

In our account sign-up process, we ask for no personal information whatsoever, not even an email address.

Our VPN app is open source (find an independent audit report of it on our website).

We are also contributors to the privacy and security communities at large. When we discovered that OpenVPN was vulnerable to Heartbleed and later Shellshock, our warning to the community benefited many other VPN services that took action based on our advice.

In addition, we are the only VPN service to currently offer VPN tunnels with experimental post-quantum security.